BORN Ontario child registry data breach affects 3.4 million people
The Better Outcomes Registry & Network (BORN) of Ontario has recently experienced a significant data breach affecting millions. This government-funded healthcare organization focused on perinatal and child registry. These incidents have shed light on the fragility of security systems in governmental entities.
Details of the Breach
It’s known that this data breach contains detailed records of newborns, pregnancies, and in-vitro fertilization cases in the region. Remarkably, around 3.4 million individuals have been affected. The compromised information includes names, addresses, dates of birth, and health card numbers. Furthermore, more specific data such as lab results and birth details were also accessed.
On the brighter side, the affected data does not include financial information, social insurance numbers, health card version, expiry or security codes or patient email addresses.
The breach can be traced back to a vulnerability in the MOVEit Transfer software, identified as CVE-2023-34362. Intriguingly, the group suspected of leveraging this vulnerability is the notorious Clop ransomware gang.
Upon detection of the breach on May 31, BORN took immediate measures. Firstly, they informed the Privacy Commissioner of Ontario. Additionally, cybersecurity experts were consulted to assess and rectify the situation.
Subsequently, BORN decided to remove the compromised MOVEit software from their system. They are currently in the process of implementing stronger security measures to prevent future breaches.
As for now, there’s no evidence to suggest that the breached data has been misused or sold. However, individuals are advised to monitor their personal information and report any suspicious activities to both the police and their service providers.
The Hospital for Sick Children, known as SickKids, disclosed its involvement in the BORN Ontario data breach. Subsequently, SickKids shares sensitive health information related to pregnancy and newborn care with BORN Ontario. However, precise details about the number of SickKids’ affected individuals are not clear. For more details, the hospital suggests visiting BORN’s official page dedicated to the breach.
Unfortunately, this incident raises concerns as SickKids previously faced a ransomware attack by the LockBit ransomware group last December. Surprisingly, the treat actors apologized—blaming the erroneous act of targeting a medical facility on an affiliate, and offered the hospital a “free decryptor.”
Stay up to date with exposed information online. Kaduu with its cyber threat intelligence service offers an affordable insight into the darknet, social media and deep web.